Monday, June 15, 2009

Will Cloud Computing Improve EHR Data Security?


As the government pushes for electronic health records (EHRs), many people remain concerned about data security. There have been many reports over the last year about stolen laptops and compromised patient data. Should such critical data reside on a portable machine like a laptop, tablet, or ultra-mobile PC?

Will cloud computing improve EHR data security? If sensitive data is never stored on a laptop, then if the laptop gets stolen, that patient information should be safe as long as the person who stole the laptop isn't able to connect to the health record database. I suppose that if a thief (or hacker) really wanted to get access to the health record database, he (or she) would not necessarily need a stolen laptop (unless the laptop contains some critical security information, access codes, etc.).

So what's the solution? How can we ensure that electronic healthcare data is secure? Will all hospitals eventually rely on cloud computing? Is cloud computing the answer? Or, do many of the same risks and limitations apply? Maybe the answer is to focus on better data encryption.

4 comments:

  1. It will depend on management and their IT department. I was consulting for a hospital in Central Oregon that had 40 applications running on 40 Microsoft machines to host. This is not an Enterprise system. The change to Enterprise Cloud will take time and training of desktop IT staff.
    Cloud computing has been around for a very long time; it is proven to work. It is basically client server or a WebApp. The security will always remain in the hands of the decision makers to know how to make the correct choices and implement the control policies. For laptops and desktops that do not have hard drives, Cloud will provide much security. But again, the implementation must be correct.

    Jeff Brandt MotionPHR Personal Health Record for the iPhone
    myMedBox PHRlite for Android

  2. One other thing: Cloud security can be very safe, but you must do your homework on the hosting facility and their policies. Most EMRs are on a server in a closet in doctors' offices or in the developer of the EMR offices. One of the biggest risks is server snatching, when an ID thief breaks into the doctor's office and just takes the servers.

    Jeff Brandt MotionPHR Personal Health Record for the iPhone
    myMedBox PHRlite for Android

  3. Jeff, thanks for sharing your comments. Sometimes I wonder how often "server snatching" occurs. Laptops are so easy to steal, but servers should probably be locked up in a very secure location. I wonder how many healthcare providers lock their servers in a secure room (or vault). My guess is: probably too few.

  4. Dr. Kim,
    Server security many times is so lax, you would believe it. Many servers are under employees' desks, in closets, or hosted at the developer's office. I once consulted for a company that didn't want to spend the money on a good firewall to protect patients' billing records.

    The best solution to laptop compromise is to encrypt the entire storage drive.

    As for the server snatching, I read about this in an article last year and do not have the reference. They noted that it was becoming a problem.

    As I mentioned before, Cloud also has its problems if you do not have the right person in charge of security, software has been designed correctly, and what operating system it is running on.
